How to apply patches on OpenBSD system/kernel and packages easily

I am a regular Linux system user. In Linux (especially CentOS), I am used to applying updates a few times a week using the yum command, but how do I do that on my OpenBSD server? How do I apply updates on the OpenBSD operating system?

OpenBSD is just like Linux. However, it does not use the yum command. It depends on a tool called pkg_add. You can use pkg_add to apply updates or install new packages in binary format. There are three ways to keep your OpenBSD packages, kernel and base system up to date. The first method requires applying patches and compiling the software. The second method depends on a 3rd party to apply kernel and binary package patches. The third method uses the syspatch command. I recommend the third method for users of OpenBSD version 6.1 and above.


Method #1: Keeping your OpenBSD 6.2 up to date using source code

First, download the source code for OpenBSD 6.2.

Step 1: Grab the source code

Use the cd command to change to /usr/src:

# cd /usr/src

Set the OpenBSD mirror and version number in shell variables for ease of use:

# BASE="http://mirror.esc7.net/pub/OpenBSD"
# VER="6.2"

Now grab the source code for both the OpenBSD userland/base system and kernel, using the ftp command:

# ftp ${BASE}/${VER}/src.tar.gz \
      ${BASE}/${VER}/sys.tar.gz \
      ${BASE}/${VER}/SHA256.sig

Sample outputs:

Fig.01: Grab the source code in /usr/src

Step 4: Apply the patch (kernel and base system) one-by-one:

Let us start with the 001_sshd.patch.sig patch file. Type the following command to see the errata/patch info:

# more 001_sshd.patch.sig

Sample outputs:

Fig.05: Finding more info about the patch and how to apply it on OpenBSD

You can apply the patch by doing:

# signify -Vep /etc/signify/openbsd-59-base.pub -x 001_sshd.patch.sig \
    -m - | (cd /usr/src && patch -p0)

And then rebuild and install the patched sshd:

# cd /usr/src/usr.bin/ssh
# make obj && make depend && make && make install

You may have to reboot the system for kernel updates. Please note that each errata patch has different instructions on how to apply and install it, so read them carefully using the more command. Repeat this procedure for the rest of the downloaded patches. I suggest you subscribe to the OpenBSD announce mailing list to get info about the errata.
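The verify-then-patch step above, wrapped so that a failed signature check or a patch that does not apply cleanly stops before /usr/src is modified. This is an added example, not part of the original article; the function names signify_pubkey and apply_errata are hypothetical, and it assumes the per-release key naming that the article's command shows (openbsd-59-base.pub for release 5.9).

```shell
#!/bin/sh
# Added example: function names are illustrative, not an OpenBSD tool.

# Map a release ("6.2") to its base signing key, e.g.
# /etc/signify/openbsd-62-base.pub. The key has to match the release
# the errata patch was issued for, or verification fails.
signify_pubkey() {
    rel=$(printf '%s' "$1" | tr -d '.')
    case "$rel" in
        ''|*[!0-9]*) echo "bad release: $1" >&2; return 1 ;;
    esac
    printf '/etc/signify/openbsd-%s-base.pub\n' "$rel"
}

# apply_errata RELEASE PATCH.sig [SRCDIR]
#   1. verify the embedded signature and extract the diff to a temp file
#   2. dry-run the verified diff against the source tree
#   3. apply it only if both steps succeeded
# Returns 2 on a bad signature, 3 if the diff does not apply cleanly.
apply_errata() {
    key=$(signify_pubkey "$1") || return 1
    sig=$2
    src=${3:-/usr/src}
    tmp=$(mktemp) || return 1

    if ! signify -Vep "$key" -x "$sig" -m "$tmp"; then
        echo "signature check FAILED for $sig (key $key)" >&2
        rm -f "$tmp"
        return 2
    fi
    if ! (cd "$src" && patch -p0 --dry-run < "$tmp") >/dev/null; then
        echo "$sig does not apply cleanly to $src" >&2
        rm -f "$tmp"
        return 3
    fi
    rc=0
    (cd "$src" && patch -p0 < "$tmp") || rc=$?
    rm -f "$tmp"
    return $rc
}
```

For the patch in this step the call would be apply_errata 5.9 001_sshd.patch.sig; the rebuild instructions inside each errata file still have to be followed by hand.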

Step 5: Upgrade all 3rd party packages

Simply type the following pkg_add command:

# export PKG_PATH=ftp://mirror.planetunix.net/pub/OpenBSD/`uname -r`/packages/`machine -a`/
# pkg_add -Uuv

See this page for more info.

Keeping your installed OpenBSD packages up to date is hard and time-consuming. Nobody wants to read the mailing lists to spot security fixes and/or updates never mind wanting to build new packages from their ports tree and manually install them on each of their servers and/or desktops.

For this reason M:Tier is launching a new package repository which includes the latest security fixes and critical updates for OpenBSD since 5.3

It’s easy to setup and even easier to maintain…you don’t need to do anything anymore. M:Tier will even notify you by e-mail if there’s an update available (unless you opt-out).

Say hello to openup from mtier

You can use the openup command. It is a small utility for OpenBSD that can be run standalone and that checks for security updates in both packages and the base system. openup uses the regular pkg tools; it does not implement anything on top. You need to trust the mtier and openup maintainers to use this command. This command acts like the ‘yum update’ or ‘apt-get upgrade’ command. The first step is to grab openup:

# cd /root
# ftp https://stable.mtier.org/openup
# chmod +x openup

Run it to update your system including packages:

# ./openup

Sample outputs from a freshly installed OpenBSD 5.9 system:

Fig.05: Use M:Tier’s OpenBSD packages and binpatches updates to keep your system up to date including 3rd party packages

Here is another example. In this case I’m running openup on a system freshly upgraded from OpenBSD 5.9 to 6.0:

# /root/openup
===> Checking for openup update
===> Downloading and installing public key
===> Removing old release binpatch entries
===> Installing/updating binpatch(es)
quirks-2.241 signed on 2016-07-26T16:56:10Z
binpatch60-amd64-kernel-1.0: ok
binpatch60-amd64-perl-1.0: ok
binpatch60-amd64-relayd-1.0: ok
binpatch60-amd64-smtpd-1.0: ok
===> Updating package(s)
quirks-2.241 signed on 2016-07-26T16:56:10Z
!!!
!!! System must be rebooted after the last kernel update
!!!
#

Please note that M:Tier offers two service levels:

LTS: binpatches, LTS package updates and support for the two most recent releases

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.
